
An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."

This is a nice and relevant example to /., but aren't there plenty of other examples where DARPA has ultimately benefited people other than the military? Like say.. the ARPAnet led to the Internet, or mainframes to cloud computing, or virtual reality to video games, or onion routing to TOR. I know there are plenty of smarter /.ers who can think of a bazillion more examples.

Yes. The list is too long to even bother to post. But I'd wager most of what we take for granted, generally and technologically specifically, has its roots in public spending. If it wasn't publicly funded research projects that brought the technology to a state usable by private enterprise, or public money creating a market and demand for products that no one else could afford, our world would be vastly different today, and lacking in a lot. This is why I shudder at people who say that our government spending is the problem. Couldn't be further from the truth.

Actually, following DARPA's decision to yank support of the POSSE project [wikipedia.org] allegedly due to comments of Theo de Raadt, it had been theorized that DARPA subsequently took a dim view of not just OBSD but other BSD projects, not related to Theo, such as FBSD. So given that, the headline of this story is somewhat surprising.

It however does explain why DARPA developed SELinux, as well as making their security features more based on Linux than the BSDs.

SELinux and "UNIX multi-user security" are not referring to the same thing. This doesn't "fly in the face" of anything. I'm 99.9% sure "Unix multi-user security" is referring to user/group/world permission bits per file/directory. That doesn't help all that much in the realm of embedded systems, as they said. SELinux is an entirely different beast, and achieves many of the same results as signed executables and sandboxing, and some more (and vice-versa).
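The "user/group/world permission bits" the comment above refers to are the classic discretionary access-control (DAC) check that every Unix-like kernel performs before any MAC layer such as SELinux is consulted. The following is an added example, not code from the thread or from any of the systems it discusses: it decodes a file's mode bits and implements the POSIX class-selection rule (owner class, else group class, else other; exactly one class applies, even when it grants less than another would). File entries and uids are constructed sample values.

```python
import stat

# Constructed sample inode metadata (not from the original thread):
# path -> (st_mode, owner uid, owner gid)
SAMPLE_FILES = {
    "/etc/shadow": (0o100640, 0, 42),            # -rw-r-----  root:shadow
    "/tmp/scratch.txt": (0o100666, 1000, 1000),  # -rw-rw-rw-
    "/usr/bin/passwd": (0o104755, 0, 0),         # -rwsr-xr-x  setuid root
    "/srv/report.txt": (0o100464, 1000, 2000),   # -r--rw-r--  owner has less than group
}

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def mode_string(st_mode):
    """Render a raw st_mode the way `ls -l` does, e.g. '-rw-r-----'."""
    return stat.filemode(st_mode)


def decode_classes(st_mode):
    """Split the low nine mode bits into the three DAC classes."""
    out = {}
    for name, shift in (("owner", 6), ("group", 3), ("other", 0)):
        bits = (st_mode >> shift) & 0o7
        out[name] = "".join(ch if bits & val else "-" for ch, val in PERM_BITS.items())
    return out


def can_access(st_mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX DAC decision for a process with (uid, supplementary gids).

    `want` is a subset of "rwx". Returns True only if every requested
    permission is granted by the single class that applies to the caller.
    """
    if not set(want) <= set(PERM_BITS):
        raise ValueError("want must be a subset of 'rwx'")

    # uid 0 bypasses read/write DAC entirely; execute is only granted if
    # at least one execute bit is set (or the object is a directory).
    if uid == 0:
        any_x = bool(st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
        return all(ch != "x" or any_x or stat.S_ISDIR(st_mode) for ch in want)

    # Class selection: owner beats group beats other. The kernel does NOT
    # fall through to a more permissive class, which is why an owner can be
    # locked out of a file that group members may write (see /srv/report.txt).
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    granted = (st_mode >> shift) & 0o7

    needed = 0
    for ch in want:
        needed |= PERM_BITS[ch]
    return (granted & needed) == needed


def access_report(uid, gids):
    """Summarise what a given identity may do to each sample file."""
    report = {}
    for path, (mode, o_uid, o_gid) in SAMPLE_FILES.items():
        allowed = "".join(ch for ch in "rwx" if can_access(mode, o_uid, o_gid, uid, gids, ch))
        report[path] = (mode_string(mode), allowed or "-")
    return report


if __name__ == "__main__":
    for path, (mode, allowed) in access_report(1000, {1000, 42}).items():
        print(f"{mode}  {path:<20} uid 1000 may: {allowed}")
```

The point the comment makes follows directly from the code: the only inputs to the decision are the caller's uid/gids and nine bits on the inode, so there is nowhere to express "this signed application may open this socket but not that file", which is what SELinux policy or a sandbox profile adds on top of the DAC result.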

Except that the essentially randomized configurations of SELinux are so complex that no one, and I mean *no one*, uses it in production. Out of roughly 30,000 Linux systems I've helped deploy, it's been left active in "Strict" mode in about 3, and those had to turn it off pretty quickly as projects found it hampered actual work.

"To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security [acm.org].. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"

To mention Unix and Windows NT security in the one sentence, just begs credulity...

"Windows NT [wikipedia.org] and its successors.. were not initially designed with Internet security in mind"


I think you're confusing Windows NT the operating system (NT3, NT4, 2000, XP, etc.) with NT the kernel and security model, which was designed to be POSIX compliant, which implies lining up with "unix multi-user security" and is also done in such a way as to be tweakable to mimic many of the SELinux advancements. The OS I could do without; the security model as originally baked in (and then ignored in preference of interoperability with DOS/9x -- but it's still there) is actually pretty network-savvy. It's

You get a nod, for seeming to know your stuff. I think you may actually be right, in some alternate reality.

The problem is, in this reality, only the unix-likes have ever been released with a functioning security model. The security on my computers, as installed and scripted by default, is time tested, and has been improved with time. The Windows security model mostly just sits in the backroom, next to an open door (or window) and collects fungus. Almost no one actually brings it out into the workspace,

It's not much more valuable. The line between code and data is often quite blurry. For example, a lot of browser exploits have been due to vulnerabilities in libpng or libjpeg, where a malformed image caused some part of the input image to be treated as code. Even if you signed the entire binary, all of its libraries, and all of its config files, you aren't guaranteeing that the code is bug free. It protects you against a specific kind of adversary: one trying to persuade you to install a trojan by pret